IBM Dropbox, iCloud Ban Highlights Cloud Security Issues

IBM might have signed onto a limited version of the “Bring Your Own Device” policy currently gripping many companies, but it has reportedly banned employees from using certain cloud-based apps such as Dropbox.

According to a widely circulated May 21 story in Technology Review, IBM not only forbids Dropbox and cloud services such as Apple’s iCloud, but has put its proverbial foot down on smartphone-generated WiFi hotspots, as well as the practice of auto-forwarding work email to personal email accounts. “We found a tremendous lack of awareness as to what constitutes a risk,” Jeanette Horan, IBM’s chief information officer, told the publication.

When approached for comment, an IBM spokesperson said: “No comment as the story speaks for itself.”

The introduction of commercial cloud services into an enterprise context has become a source of consternation for many an IT professional, and not only on the security front. Dave Robinson, an executive with online-backup firm Mozy (and one of its first employees), suggested in an interview that many clients adopting his company’s products want very specific functionality.

“You do get into one-offs, where one organization’s environment is different from others,” he said, “and they use niche software, and that forces us to make decisions; in some instances, we might do a one-off work.” In general, he added, companies want “a very robust administrative dashboard” in addition to strong security and the ability to set policies.

Those requirements haven’t stopped companies from gravitating toward software originally designed for consumers. “About 70 percent of our business is B2B [business-to-business], and 30 percent is consumer,” he said. “It was 100 percent consumer in 2007.” The challenge in that context is to keep the core product simple and streamlined, in contrast to many pieces of enterprise software that offer dashboards loaded with dozens of very granular controls and options.

Dropbox declined to discuss its business market or security.

Security remains a top concern for businesses thinking of adopting cloud-based consumer apps. “That can cover everything from data safety/recovery to securing data in transit and at rest to whether a vendor can meet a company’s compliance requirements,” Charles King, principal analyst at Pund-IT, wrote in an email. “The same issues touch most cloud services/service providers, but the issues are more important by orders of magnitude in the business world than they are in the consumer space.”

For companies with particularly stringent requirements, such as IBM, it seems the go-to solution is to either ban consumer-centric apps and services, or else institute very specific security policies that regulate those products’ behavior.